HTTP: Oracle WebCenter Forms Recognition CroProj.dll ActiveX

This signature detects attempts to use unsafe ActiveX controls in the Oracle WebCenter Forms Recognition Component. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Oracle WebCenter Forms Recognition is prone to a remote vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Designer' sub component is affected. This vulnerability affects the following supported versions: 10.1.3.5

Affected Products

Oracle webcenter_forms_recognition

References

BugTraq: 53082

CVE: CVE-2012-1709

Short Name
HTTP:STC:ACTIVEX:ORACLE-CROPROJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2012-1709 CroProj.dll Forms Oracle Recognition WebCenter bid:53082
Release Date
04/30/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Oracle

CVSS Score

7.5

Found a potential security threat?